Fix ipaddr fallback onto ipv6
Resolves: Bug#1168868
parent
94d784ece8
commit
ba9071d76e
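--- a/freeradius-Don-t-overwrite-ip_hton-af-prefix-in-fr_pton4-6.patch
+++ b/freeradius-Don-t-overwrite-ip_hton-af-prefix-in-fr_pton4-6.patch
@@ -0,0 +1,62 @@
+From 64ee0b30df59857bce8f0efea019d065cf48c54c Mon Sep 17 00:00:00 2001
+From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
+Date: Thu, 18 Dec 2014 22:05:35 +0200
+Subject: [PATCH 2/2] Don't overwrite ip_hton af/prefix in fr_pton4/6
+
+Don't overwrite address family and prefix set by ip_hton (which can fall
+back onto other address family) with AF_INET/32 and AF_INET6/128, in
+fr_pton4 and fr_pton6 respectively.
+
+This fixes radiusd listening on wrong address data when falling back to
+another address family.
+---
+src/lib/misc.c | 12 ++++++------
+1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/lib/misc.c b/src/lib/misc.c
+index ad27057..cf49917 100644
+--- a/src/lib/misc.c
++++ b/src/lib/misc.c
+@@ -238,6 +238,9 @@ int fr_pton4(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
+* 192.0.2.2 is parsed as if it was /32
+*/
+if (!p) {
++ out->prefix = 32;
++ out->af = AF_INET;
++
+/*
+* Allow '*' as the wildcard address usually 0.0.0.0
+*/
+@@ -258,9 +261,6 @@ int fr_pton4(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
+}
+} else if (ip_hton(out, AF_INET, value, fallback) < 0) return -1;
+
+- out->prefix = 32;
+- out->af = AF_INET;
+-
+return 0;
+}
+
+@@ -338,6 +338,9 @@ int fr_pton6(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
+
+p = strchr(value, '/');
+if (!p) {
++ out->prefix = 128;
++ out->af = AF_INET6;
++
+/*
+* Allow '*' as the wildcard address
+*/
+@@ -350,9 +353,6 @@ int fr_pton6(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
+}
+} else if (ip_hton(out, AF_INET6, value, fallback) < 0) return -1;
+
+- out->prefix = 128;
+- out->af = AF_INET6;
+-
+return 0;
+}
+
+--
+2.1.3
+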
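Review bot: The defaults `out->prefix = 32;` and `out->af = AF_INET;` moved to the top of the `if (!p)` branch carry no comment saying that their position is what the fix depends on: they have to run before `ip_hton()` so that a fallback result is kept. A comment such as `/* defaults only: ip_hton() may replace af (and prefix) when it falls back to the other family */` above them would stop a later cleanup from moving them back after the call. With `fallback` set, `fr_pton4()` can now succeed with `out->af` set to the other family, so callers that bind a listener or match a client network from the result should test `out->af` instead of assuming it from the function name; whether they do is not visible here. The same applies to the `fr_pton6` hunks with 128/AF_INET6, and both function bodies start and end outside the hunks.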
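--- a/freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch
+++ b/freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch
@@ -0,0 +1,64 @@
+From a23dbf402ad466bf41c95da82e58dedc7b615f99 Mon Sep 17 00:00:00 2001
+From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
+Date: Mon, 1 Dec 2014 14:15:45 -0500
+Subject: [PATCH 1/2] Resolve to all families on ip_hton fallback
+
+If we're doing fallback resolution we need to set the address family to
+AF_UNSPEC to get both IPv6 and IPv4 addresses
+
+The af that was passed in, is then used to set the preference
+---
+src/lib/misc.c | 25 +++++++++++++------------
+1 file changed, 13 insertions(+), 12 deletions(-)
+
+diff --git a/src/lib/misc.c b/src/lib/misc.c
+index d0ccd6c..ad27057 100644
+--- a/src/lib/misc.c
++++ b/src/lib/misc.c
+@@ -845,7 +845,15 @@ int ip_hton(fr_ipaddr_t *out, int af, char const *hostname, bool fallback)
+int rcode;
+struct addrinfo hints, *ai = NULL, *alt = NULL, *res = NULL;
+
++ /*
++ * Avoid malloc for IP addresses. This helps us debug
++ * memory errors when using talloc.
++ */
++#ifdef TALLOC_DEBUG
++ if (true) {
++#else
+if (!fr_hostname_lookups) {
++#endif
+#ifdef HAVE_STRUCT_SOCKADDR_IN6
+if (af == AF_UNSPEC) {
+char const *p;
+@@ -872,22 +880,15 @@ int ip_hton(fr_ipaddr_t *out, int af, char const *hostname, bool fallback)
+}
+
+memset(&hints, 0, sizeof(hints));
+- hints.ai_family = af;
+
+-#ifdef TALLOC_DEBUG
+/*
+- * Avoid malloc for IP addresses. This helps us debug
+- * memory errors when using talloc.
++ * If we're falling back we need both IPv4 and IPv6 records
+*/
+- if (af == AF_INET) {
+- /*
+- * If it's all numeric, avoid getaddrinfo()
+- */
+- if (inet_pton(af, hostname, &out->ipaddr.ip4addr) == 1) {
+- return 0;
+- }
++ if (fallback) {
++ hints.ai_family = AF_UNSPEC;
++ } else {
++ hints.ai_family = af;
+}
+-#endif
+
+if ((rcode = getaddrinfo(hostname, NULL, &hints, &res)) != 0) {
+fr_strerror_printf("ip_hton: %s", gai_strerror(rcode));
+--
+2.1.3
+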
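Review bot: Under `TALLOC_DEBUG` the new `if (true) {` makes the numeric-only branch unconditional, where the removed block only short-circuited numeric `AF_INET` input, and nothing at that spot says what that means for the code below. If that branch returns on its own when the input is not a numeric address (its end is outside the hunk), a debug build never reaches `getaddrinfo()` or the `AF_UNSPEC` fallback added in the second hunk, so that path goes unexercised exactly where memory debugging is enabled. The existing comment could be extended to say so, for example `/* TALLOC_DEBUG: numeric addresses only; getaddrinfo() and the fallback path below are not reached */`. The comment `If we're falling back we need both IPv4 and IPv6 records` would also benefit from stating that `af` remains the preferred family, as the commit message describes; the selection code itself is outside the hunk.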
@ -49,6 +49,8 @@ Patch25: freeradius-rad_counter-use-heredoc-for-help-message.patch
|
|||||||
Patch26: freeradius-rad_counter-Refine-help-message.patch
|
Patch26: freeradius-rad_counter-Refine-help-message.patch
|
||||||
Patch27: freeradius-dhcpclient-Add-a-short-description-to-help-output.patch
|
Patch27: freeradius-dhcpclient-Add-a-short-description-to-help-output.patch
|
||||||
Patch28: freeradius-raddb-Move-trigger.conf-INCLUDE-before-modules.patch
|
Patch28: freeradius-raddb-Move-trigger.conf-INCLUDE-before-modules.patch
|
||||||
|
Patch29: freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch
|
||||||
|
Patch30: freeradius-Don-t-overwrite-ip_hton-af-prefix-in-fr_pton4-6.patch
|
||||||
|
|
||||||
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
||||||
|
|
||||||
@ -233,6 +235,8 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
|
|||||||
%patch26 -p1
|
%patch26 -p1
|
||||||
%patch27 -p1
|
%patch27 -p1
|
||||||
%patch28 -p1
|
%patch28 -p1
|
||||||
|
%patch29 -p1
|
||||||
|
%patch30 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# Force compile/link options, extra security for network facing daemon
|
# Force compile/link options, extra security for network facing daemon
|
||||||
|